Tip

A converged network is risky business for an SMB

A converged network can create security problems unheard of in the traditional, voice-only telecom world.

    Requires Free Membership to View

Traditionally, calls are sent and received over closed, circuit-switched networks. Security and performance concerns are minimal in that world. Calls rarely get dropped. Eavesdropping on a call only happens if someone has physical access to the dedicated circuit set up between the two endpoints.

But the introduction of Voice over Internet Protocol (VoIP) into a network can have dramatic consequences. Instantly, the once simple and secure voice call is broken up into thousands of far-from-secure IP packets that are sent over public and private networks and re-assembled at the other end. Along the way, the call (and, by extension, the whole network) can be hacked at various points inside and outside the company network.

Common threats and vulnerabilities of a converged network

In a converged network the threats against data remain unchanged, yet their reach is wider. For example, a denial-of-service (DOS) attack against a router can also damage phone communications.

As many VoIP protocols are open source -- notably, the Session Initiation Protocol and H.323, the two most widely used –- it's easy for hackers to get copies of them and launch attacks. While open source applications and protocols are (arguably) more secure than proprietary ones, they are not invincible.

In a converged network the threats against data remain unchanged,
yet their reach is wider.

,

Operating system (OS) threats come into play because a lot of call-processing software runs on Windows or on open source operating systems. Hackers attack Microsoft products every hour of the day and are increasingly turning their attention to the open source world. Viruses, worms, Trojan horses and spyware, originally intended to steal and corrupt IP data, can ruin the quality of voice and video communications, too.

One of the weakest points in a converged network is the remote access connection from a home-office or road warrior's computer. The connection can become the pinprick-sized hole in the firewall that allows hackers to unleash viruses, spyware and other destructive attacks. The security consequences include data theft, privacy violations and breaches in regulatory compliance.

Protecting your converged network

Faced with the above threats and vulnerabilities, the best course of action is to develop a strong security policy that includes multiple layers of protection and covers key issues. This policy should protect the perimeter layer, the network layer, the host layer and the application/data layer. Multiple layers of protection are the best safeguard against the ingenuity and determination of hackers, and against viruses and malware.

Key issues for each layer:

  • Passwords. You need a very strict policy for their usage and how often they are changed. It's good to have long passwords and to change them frequently.
  • Secure access to network equipment. Access to networking equipment has to be tightly controlled. If a router or firewall is penetrated, the network will be at risk. To maximize security, you should use both the secure shell (SSH) and transport security (TLS) protocols, both of which use encryption. SSH allows data to be exchanged over a secure channel between two computers. TLS provides secure Internet communications.
  • Virus protection. Viruses are an every-hour-of-the-day threat, so you need to guard against them vigorously and update virus patterns constantly.
  • Operating system updates. OS intrusions happen all the time, so it's wise to keep abreast of all updates. Your security policy should ensure that all machines are updated speedily.
  • Disaster recovery. It's vital to have a disaster recovery plan -- a single major network intrusion could seriously damage your business, or even bring it down.

If you follow these steps, your small or medium-sized business can enjoy all the benefits of converged network without putting your network and entire business at risk.

Herman Mehling is a freelance writer based in San Anselmo, Calif. Contact him at hermanmehling@sbcglobal.net.


This was first published in December 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.